commit 6d86e5347e1dfb4342c848aa28b7e5c50a990fac
parent 95540264434059be249acedf25206a163d400931
Author: Oswald Buddenhagen <ossi@users.sf.net>
Date: Sun, 22 Jul 2012 17:46:54 +0200
don't access free'd memory in cancel_sync()
as it happens, the 1st round *may* trash svars - if we get the
cancelation request after the slave store has already died.
Diffstat:
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/sync.c b/src/sync.c
@@ -403,14 +403,17 @@ cancel_sync( sync_vars_t *svars )
{
int t;
- /* the 1st round is guaranteed not to trash svars */
- for (t = 0; t < 2; t++)
+ for (t = 0; t < 2; t++) {
+ int other_state = svars->state[1-t];
if (svars->ret & SYNC_BAD(t)) {
svars->drv[t]->cancel_store( svars->ctx[t] );
cancel_done( AUX );
} else {
svars->drv[t]->cancel( svars->ctx[t], cancel_done, AUX );
}
+ if (other_state & ST_CANCELED)
+ break;
+ }
}
static void
